svn commit: r421135 - in head/security: . snort2pfcd snort2pfcd/files
Ben Woods
woodsb02 at FreeBSD.org
Tue Aug 30 23:37:49 UTC 2016
Author: woodsb02
Date: Tue Aug 30 23:37:47 2016
New Revision: 421135
URL: https://svnweb.freebsd.org/changeset/ports/421135
Log:
Add new port security/snort2pfcd, which analyzes snort alert output and
blocks ip addresses using pf for a specified period of time.
PR: 211813
Submitted by: onestsam at gmail.com
Reviewed by: adamw, mat (mentors)
Approved by: koobs (mentor)
Differential Revision: https://reviews.freebsd.org/D7712
Added:
head/security/snort2pfcd/
head/security/snort2pfcd/Makefile (contents, props changed)
head/security/snort2pfcd/distinfo (contents, props changed)
head/security/snort2pfcd/files/
head/security/snort2pfcd/files/patch-Makefile (contents, props changed)
head/security/snort2pfcd/files/snort2pfcd.in (contents, props changed)
head/security/snort2pfcd/pkg-descr (contents, props changed)
Modified:
head/security/Makefile
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Tue Aug 30 21:04:31 2016 (r421134)
+++ head/security/Makefile Tue Aug 30 23:37:47 2016 (r421135)
@@ -1066,6 +1066,7 @@
SUBDIR += snoopy
SUBDIR += snort
SUBDIR += snort-rep
+ SUBDIR += snort2pfcd
SUBDIR += snortreport
SUBDIR += snortsam
SUBDIR += snortsnarf
Added: head/security/snort2pfcd/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/snort2pfcd/Makefile Tue Aug 30 23:37:47 2016 (r421135)
@@ -0,0 +1,22 @@
+# $FreeBSD$
+
+PORTNAME= snort2pfcd
+PORTVERSION= 0.5
+CATEGORIES= security
+MASTER_SITES= http://www.tworoutes.com/oss/
+
+MAINTAINER= onestsam at gmail.com
+COMMENT= Snort alert to pf blocker
+
+LIB_DEPENDS= libcidr.so:devel/libcidr
+RUN_DEPENDS= snort:security/snort
+
+USE_RC_SUBR= snort2pfcd
+PLIST_FILES= man/man8/snort2pfcd.8.gz \
+ sbin/snort2pfcd
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/snort2pfcd ${STAGEDIR}${PREFIX}/sbin
+ ${INSTALL_MAN} ${WRKSRC}/snort2pfcd.8.gz ${STAGEDIR}${MAN8PREFIX}/man/man8
+
+.include <bsd.port.mk>
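Review bot: `MASTER_SITES` in the new port Makefile fetches the distfile over plain `http://`, so the SHA256/SIZE pair in distinfo is the only thing protecting the tarball, and anyone who regenerates distinfo later accepts whatever the network delivers. If upstream serves the same path over TLS (not verifiable from this commit), the scheme should be `https://`. Otherwise a comment above the line, such as `# upstream is http-only; verify the tarball out of band before running makesum`, would record the caveat. The port also declares no `LICENSE`, which is worth adding once the upstream terms are confirmed.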
Added: head/security/snort2pfcd/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/snort2pfcd/distinfo Tue Aug 30 23:37:47 2016 (r421135)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1472559141
+SHA256 (snort2pfcd-0.5.tar.gz) = ea2f3df7bfbad5ecce7a266df89c4102cf5e92fa72869615925ca15631064dfe
+SIZE (snort2pfcd-0.5.tar.gz) = 9321
Added: head/security/snort2pfcd/files/patch-Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/snort2pfcd/files/patch-Makefile Tue Aug 30 23:37:47 2016 (r421135)
@@ -0,0 +1,11 @@
+--- Makefile.orig 2016-08-30 14:07:38 UTC
++++ Makefile
+@@ -1,7 +1,7 @@
+ PROG= snort2pfcd
+ SRCS= main.c parser.c kevent.c spfc.c ioctl_helpers.c
+ MAN= ${PROG}.8
+-CFLAGS+=-Wall -Werror -pedantic
++CFLAGS+=-Wall -pedantic -I${LOCALBASE}/include
+ LDFLAGS+=-lutil -L${LOCALBASE}/lib -lcidr
+
+ .include <bsd.prog.mk>
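Review bot: The patched `CFLAGS` line drops `-Werror` with no recorded reason, so compiler warnings will no longer stop the build of a daemon that parses snort alert text, which is ultimately derived from network traffic. Removing `-Werror` is common in ports to survive compiler changes, but if it was needed because the current sources emit warnings, those should be reported upstream and the reason noted in the commit or a comment. The include path is a preprocessor flag and would more conventionally be added as `CPPFLAGS+=-I${LOCALBASE}/include` rather than in `CFLAGS`.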
Added: head/security/snort2pfcd/files/snort2pfcd.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/snort2pfcd/files/snort2pfcd.in Tue Aug 30 23:37:47 2016 (r421135)
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: snort2pfcd
+# REQUIRE: DAEMON pf snort
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="snort2pfcd"
+rcvar=${name}_enable
+pidfile="/var/run/${name}.pid"
+command="%%PREFIX%%/sbin/${name}"
+start_cmd="${name}_start"
+stop_cmd="${name}_stop"
+required_modules="pf"
+
+snort2pfcd_start()
+{
+ echo "Starting ${name}..."
+ if [ $(sysctl -n kern.securelevel) != "3" ]; then
+ ${command} ${snort2pfcd_flags}
+ else
+ echo "${name} cannot operate on pf at securelevel 3"
+ fi
+
+ if [ -f ${pidfile} ]; then
+ echo "${name} successfully started"
+ else
+ echo "${name} statup failed"
+ fi
+}
+
+snort2pfcd_stop()
+{
+ if [ -f ${pidfile} ]; then
+ echo "Stopping ${name}..."
+ kill $(cat ${pidfile})
+ rm ${pidfile}
+ else
+ echo "${name} is not running?"
+ fi
+}
+
+load_rc_config ${name}
+run_rc_command "$1"
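Review bot: `snort2pfcd_stop` runs `kill $(cat ${pidfile})` without checking that the PID still belongs to snort2pfcd, so a stale pidfile left by a crash can make the script signal an unrelated process. rc.subr already performs that check when `pidfile` and `command` are set, so the simplest fix is to delete `stop_cmd="${name}_stop"` and the `snort2pfcd_stop` function and rely on the default stop method. The same stale file makes `snort2pfcd_start` print "successfully started" after the securelevel 3 branch has refused to launch the daemon, and the function returns success in that case; a `return 1` after the securelevel message would fix both. The unquoted `$(sysctl -n kern.securelevel)` inside the `[` test should be quoted so that an empty result fails cleanly.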
Added: head/security/snort2pfcd/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/snort2pfcd/pkg-descr Tue Aug 30 23:37:47 2016 (r421135)
@@ -0,0 +1,3 @@
+Analyzes snort alert output and blocks ip addresses using pf for a specified
+period of time. A whitelist is specified in CIDR format to exclude local and
+trusted ip address from being blocked.